diff --git a/includes/common.php b/includes/common.php
index a0e8f5d..23f7bc9 100644
--- a/includes/common.php
+++ b/includes/common.php
@@ -292,4 +292,4 @@ $script_bundles = [];
 /* Security headers */
 header('X-Frame-Options: SAMEORIGIN');
 header('X-Content-Type-Options: nosniff');
-header("Content-Security-Policy: default-src 'self' data: 'unsafe-inline'; img-src " . implode(' ', $site_info['allowed_image_hosts']));
+header("Content-Security-Policy: default-src 'self' data: 'unsafe-inline'; img-src 'self' data: " . implode(' ', $site_info['allowed_image_hosts']));